Chapter 6
Host Analysis
Introduction
Often referred to as “Deadbox” forensics, this part of the examination focuses on locating any artifacts, malware, registry keys and any other evidence that can be found on the host or “victim” machine. You may here the initial point of infection referred to as “ground zero.” In this chapter we will examine the more common locations where evidence may be found. Today’s forensic tools are now capable of analyzing machines over the network “live,” which sort of eliminates the entire “deadbox” nickname. The results are the same none the less. EnCase[1], X-Ways[3], and FTK[2] are the more common computer forensic applications in use today. There are others, such as Paraben Enterprise Pro[6], ProDiscover[7], Autopsy ...
Get Network Intrusion Analysis now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.